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Abstract 


This EIP offers an alternative to Access Control Lists (ACLs) for granting authorization 
and enhancing security. An uint256 is used to store permission of given address in a 
ecosystem. Each permission is represented by a single bit in uint256 as described in 
ERC-6617. Bitwise operators and bitmasks are used to determine the access right 
which is much more efficient and flexible than string or keccak256 Comparison. 


Motivation 


Special roles like owner , Operator , Manager , Validator are common for many smart 
contracts because permissioned addresses are used to administer and manage them. 
It is difficult to audit and maintain these system since these permissions are not 
managed in a single smart contract. 
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Since permission and role are reflected by the permission token balance of the 
relevant account in the given ecosystem, cross-interactivity between many 
ecosystems will be made simpler. 


Specification 
The key words “MUST", “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT“, “SHOULD”, 


“SHOULD NOT", “RECOMMENDED”, “NOT RECOMMENDED", “MAY”, and “OPTIONAL” 
in this document are to be interpreted as described in RFC 2119 and RFC 8174. 


Note The following specifications use syntax from Solidity @.8.7 (or above) 
Core Interface 
Compliant contracts MUST implement IEIP6366Core . 


It is RECOMMENDED to define each permission as a power of 2 so that we can 
check for the relationship between sets of permissions using ERC-6617. 


interface IEIP6366Core { 
JEF 


* MUST trigger when `_permission` are transferred, including `zero` permission tr 


* @param _from Permission owner 

* @param _to Permission receiver 

* @param _permission Transferred subset permission of permission owner 
*/ 


event Transfer(address indexed _from, address indexed _to, uint256 indexed _permis 


JEF 
* MUST trigger on any successful call to `approve(address _delegatee, uint256 _pe 
* @param _owner Permission owner 
* @param _delegatee DeLegatee 
* @param _permission Approved subset permission of permission owner 
era 


event Approval(address indexed _owner, address indexed _delegatee, uint256 indexec 


[tt 


* Transfers a subset 


_permission of permission to address ~_to. 

* The function SHOULD revert if the message caller’s account permission does not 
* of the transferring permissions. The function SHOULD revert if any of transferr 
* existing on target ~_to address. 


* @param _to Permission receiver 
* @param _permission Subset permission of permission owner 
Z 


function transfer(address _to, uint256 _permission) external returns (bool success 


JEF 


* ALLows ~_delegatee to act for the permission owner's behalf, up to the 


_permi 
* If this function is called again it overwrites the current granted with ~_perm 
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* `approve()` method SHOULD `revert` if granting `_permission` permission is not 
* a subset of all available permission of permission owner. 


* @param _delegatee Delegatee 
* @param _permission Subset permission of permission owner 
*/ 


function approve(address _delegatee, uint256 _permission) external returns (bool < 


/** 
* Returns the permissions of the given `_owner` address. 
7 


function permissionOf(address _owner) external view returns (uint256 permission); 


JEF 
* Returns `true` if `_required` is a subset of `_permission` otherwise return `fc 
* @param _permission Checking permission set 
* @param _required Required set of permission 
*/ 


function permissionRequire(uint256 _permission, uint256 _required) external view r 


JEF 
* Returns ‘true’ if `_required` permission is a subset of `_actor`'s permissions 
* permission granted by the ~_owner . 


* @param _owner Permission owner 

* @param _actor Actor who acts on behalf of the owner 
* @param _required Required set of permission 

+f 


function hasPermission(address _owner, address _actor, uint256 _required) external 


JEF 
* Returns the subset permission of the `_owner` address were granted to ~_delegat 
* @param _owner Permission owner 
* @param _delegatee DeLegatee 
g4 
function delegated(address _owner, address _delegatee) external view returns (uini 


Metadata Interface 


It is RECOMMENDED for compliant contracts to implement the optional extension 
TEIP6366Meta . 


SHOULD define a description for the base permissions and main combinaison. 


SHOULD NOT define a description for every subcombinaison of permissions possible. 


interface IEIP6366Meta { 
JEF 


* Structure of permission description 
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* @param _permission Permission 

* @param _name Name of the permission 

* @param _description Description of the permission 
g4 


struct PermissionDescription { 
uint256 permission; 
string name; 
string description; 


| 
/** 
* MUST trigger when the description is updated. 
* @param _permission Permission 
* @param _name Name of the permission 
* @param _description Description of the permission 
of 


event UpdatePermissionDescription(uint256 indexed _permission, string indexed _nan 


{tt 
* Returns the name of the token - e.g. ~"OpenPermissionToken" . 
w4 


function name() external view returns (string memory); 


JEF 
* Returns the symbol of the token. E.g. `"OPT"`. 
*/ 


function symbol() external view returns (string memory); 


JEF 
* Returns the description of a given ~_permission . 
* @param _permission Permission 
"Z 


function getDescription(uint256 _permission) external view returns (PermissionDesc 


JEF 
* Return `true` if the description was set otherwise return “false. It MUST emit 
* @param _permission Permission 
* @param _name Name of the permission 
* @param _description Description of the permission 
*/ 


function setDescription( 
uint256 _permission, 
string memory _name, 
string memory _description 
) external returns (bool success); 


Error Interface 
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SHOULD NOT expected IEIP6366Error interface was implemented. 


interface IEIP6366Error { 
JEF 


* The owner or actor does not have the required permission 
*/ 


error AccessDenied(address _owner, address _actor, uint256 _permission); 


JEF 
* ConfLict between permission set 
*/ 


error DuplicatedPermission(uint256 _permission); 


JEF 
* Data out of range 
*/ 
error OutOfRange(); 
} 


Rationale 


Needs discussion. 
Reference Implementation 
First implementation could be found here: 


e ERC-6366 Core implementation 
e ERC-6366 Meta implementation 


Security Considerations 


Need more discussion. 


Copyright 


Copyright and related rights waived via CCO. 
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